<?php

/**
 * oRs
 *
 * @version 3.0
 * @copyright 2009 Ron Planken
 * @class: user
 * @description: Handles user logging in/register
 */

class user {
	
	
	private $failed = false; // failed login attempt
	private $id = 0; // the current user's id
	private $_system;

	function __construct($system) {
		
		$this->_system = $system;
		
		if ($_SESSION['logged'] == true) {
			$this->_checkSession();
		} elseif ( isset($_COOKIE[config::_COOKIE_NAME]) ) {
			$this->_checkRemembered($_COOKIE[config::_COOKIE_NAME]);
		}
	}

	function _checkLogin($username, $password, $remember) {

		$username = $this->_system->_db->secure_string($username);

		$query = "SELECT * FROM user WHERE username = $username";

		$user = $this->_system->_db->selectRowQuery($query);

		$hash = $this->_system->_db->secure_string(sha1(config::_GLOBALSALT . $password . $user['salt']));

		$query = "SELECT * FROM user WHERE " . "username = $username AND " . "password = $hash";

		$result = $this->_system->_db->selectRowQuery($query);

		if ( is_array($result) ) {
			$this->_setSession($result, $remember);
			return true;
		} else {
			$this->failed = true;
			$this->_logout();
			return 2;
		}
	}

	function checkRegistration($username = "", $email = "") {

		$check['user'] = false;
		$check['email'] = false;
		
		if(!empty($username))
		{
			$username = $this->_system->_db->secure_string($username);

			$query = "SELECT count(*) FROM user WHERE username = $username";
			
			$user_count = $this->_system->_db->selectQuery($query);
			
			if($user_count > 0)
			{
				$check['user'] = true;
			}
			else
			{
				$check['user'] = false;
			}

		}
		if (!empty($email))
		{
			$email = $this->_system->_db->secure_string($email);

			$query = "SELECT count(*) FROM user WHERE email = $email";

			$email_count = $this->_system->_db->selectQuery($query);

			if($email_count > 0)
			{
				$check['email'] = true;
			}
			else
			{
				$check['email'] = false;
			}
		}
		
		return $check;
	}


	function _setSession($result, $remember, $init = true) {
		
		$this->id = $result['user_id'];

		$_SESSION['uid'] = $this->id;
		$_SESSION['username'] = htmlspecialchars($result['username']);
		$_SESSION['cookie'] = $result['password'];
		$_SESSION['class_display'] = $result['class_display'];
		$_SESSION['signup_display'] = $result['signup_display'];
		$_SESSION['logged'] = true;

		$_SESSION['level'] = $result['level'];

		if ($remember) {
			$this->updateCookie($result['password'], true);
		}
		if ($init) {
			$session = $this->_system->_db->secure_string(session_id());
			$ip = $this->_system->_db->secure_string($_SERVER['REMOTE_ADDR']);

			$query = "UPDATE user SET session = $session, ip = $ip WHERE user_id = $this->id";


			$this->_system->_db->UpdateQuery($query);
		}
	}

	function updateCookie($cookie, $save) {
		$_SESSION['cookie'] = $cookie;

		if ($save) {
			$cookie = serialize(array($_SESSION['username'], $cookie) );
			setcookie(config::_COOKIE_NAME, $cookie, time() + 31104000, '/');
		}
	}

	function _checkRemembered($cookie) {

		list($username, $cookie) = unserialize(stripslashes($cookie));

		if (!$username or !$cookie) return;

  	$username = $this->_system->_db->secure_string($username);
		$cookie = $this->_system->_db->secure_string($cookie);
		$ip = $this->_system->_db->secure_string($_SERVER['REMOTE_ADDR']);

		$query = "SELECT * FROM user WHERE (username = $username) AND (password = $cookie) AND (ip = $ip)";

		$result = $this->_system->_db->selectRowQuery($query);

		if (is_array($result) ) {
			$this->_setSession($result, true);
		}
	}

	function _checkSession() {
		$username = $this->_system->_db->secure_string($_SESSION['username']);
		$cookie = $this->_system->_db->secure_string($_SESSION['cookie']);
		$session = $this->_system->_db->secure_string(session_id());
		$ip = $this->_system->_db->secure_string($_SERVER['REMOTE_ADDR']);

		$query = "SELECT * FROM user WHERE (username = $username) AND (password = $cookie) AND (session = $session) AND (ip = $ip)";

		$result = $this->_system->_db->selectRowQuery($query);

		if (is_array($result) ) {
			$this->_setSession($result, false, false);
		} else {
			$this->_logout();
		}
	}

	function _logout() {
		setcookie(config::_COOKIE_NAME, "empty", time() - 9000000, '/');
		$this->_system->session_defaults();
	}


	function save($user_id = 0, $name, $email, $password, $username, $level = 1, $salt, $class_display = 0, $signup_display = 0) {

		$hash = $this->_system->_db->secure_string(sha1(config::_GLOBALSALT . $password . $salt));


		$name = $this->_system->_db->secure_string($name);
		$email = $this->_system->_db->secure_string($email);
		$username = $this->_system->_db->secure_string($username );
		$salt = $this->_system->_db->secure_string($salt);
		
		$class_display = $this->_system->_db->secure_int($class_display);
		$signup_display = $this->_system->_db->secure_int($signup_display);
		
		$user_id = $this->_system->_db->secure_int($user_id);


		if ($user_id == 0) {
			$query ="INSERT INTO user
						   (name
						   ,email
						   ,password
						   ,username
						   ,level
						   ,created_time
						   ,salt
						   ,class_display)
					VALUES ($name
						   ,$email
						   ,$hash
						   ,$username
						   ,$level
						   ,Now()
						   ,$salt
						   ,$class_display)
							";
			$status = $this->_system->_db->InsertQuery($query);

		} else {
			$query ="UPDATE user
						SET name = $name
						   ,email = $email
						   ,username = $username
						   ,level = $level
						   ,created_time = Now()
						   ";
			if (!empty($password))
			{
				$query .= ",password = $hash";
				$query .= ",salt = $salt";
			}
			if (!empty($class_display))
			{
				$query .= ",class_display = $class_display";
			}
			if (!empty($signup_display))
			{
				$query .= ",signup_display = $signup_display";
			}
			$query .= " WHERE user_id = $user_id
							";
			$status = $this->_system->_db->UpdateQuery($query);
		}

		return $status;

	}

	function get($user_id = 0, $level = 0) {

		$user_id = $this->_system->_db->secure_int($user_id);

		if ($user_id == -1) {
			$query ='SELECT  u.user_id
							,u.name	,u.email
							,u.password
							,u.cookie
							,u.session
							,u.ip
							,u.username
							,u.level
							,u.created_time
							,u.salt
					   FROM user u
					  WHERE removed = 0
					  ORDER by u.name ASC;
							';
		} else {
			$query ="SELECT  u.user_id
							,u.name	,u.email
							,u.password
							,u.cookie
							,u.session
							,u.ip
							,u.username
							,u.level
							,u.created_time
							,u.salt
					   FROM user u
					  WHERE u.user_id = $user_id
					  	AND removed = 0
							";
		}

		$users = $this->_system->_db->selectMultiQuery($query);

		return $users;
	}


	function remove($user_id = 0) {

		$user_id = $this->_system->_db->secure_int($user_id);

		$query ="UPDATE user
		            set removed = 1
				  WHERE user_id = $user_id;
							";
		$status = $this->_system->_db->UpdateQuery($query);

		return $status;
	}
}


?>